TrapDoor Targets Solana, Sui and Aptos as Bitcoin ETF Outflows Hit Nine Days

TrapDoor’s package attack on Solana, Sui, and Aptos workflows is a useful guide to today’s market: the weak point is not always the token or the chain, but the layer around it that people assumed they could trust. The same selectivity shows up in bitcoin’s record nine-day ETF outflow streak, in Kalshi’s move from policy argument to court, and in strategic money still backing Korean exchange infrastructure even as broad crypto buying keeps fading. As with the prediction-market thread from last week, the question is no longer just who wants in, but which parts of the system people are still willing to rely on.

Bitcoin’s ETF Outflow Streak Is Starting to Look Like a Buyer Drought

Record long-term holder supply usually sounds bullish. But when 15.8 million BTC sits in the “long-term” bucket partly because coins simply aged past 155 days without trading, the same statistic can point to a market going quiet, not getting stronger.

That changes how this week’s ETF selling looks. After yesterday’s liquidation shock, the new fact is that U.S. spot bitcoin ETFs have now posted nine straight trading days of net outflows, with roughly $2.8 billion pulled over the streak. That is the longest run of withdrawals since the products launched. Bitcoin’s slide from roughly $80,000 to the low $73,000s came alongside those redemptions, but the deeper problem is not just forced selling on a weak tape. The steadier source of demand that was supposed to absorb supply is not showing up.

The on-chain data sharpens the picture. CryptoQuant says short-term holder supply has fallen by about 2.2 million BTC since December, including roughly 900,000 BTC from Coinbase reserves that simply aged into the long-term-holder category. That is not the same as a wave of new conviction buying. It may just mean coins are sitting still. Large-holder behavior points the same way: whale balances are contracting year over year, and growth in the 100-to-1,000 BTC cohort tied heavily to ETFs and treasury buyers has slowed after peaking last year.

In a healthy bid-driven market, coins move because new buyers are willing to pay up and pull supply out of circulation. Here, some supply looks “tight” because turnover is dying. That leaves price more dependent on a smaller set of active buyers, and it helps explain why crypto is sagging even as U.S. equities push toward records.

Derivatives are showing caution more than panic. Front-end implied volatility is still low, but one-week put skew has risen, which means traders are paying more for downside protection than for upside. Prediction markets also point to stagnation, with heavy odds on bitcoin finishing this week inside a narrow $72,000-$76,000 band.

There is a caveat: past sustained ETF outflows have sometimes lined up with local bottoms, not the start of a deeper unwind. But that is a pattern, not support. Right now the cleaner read is that bitcoin does not just have sellers; it has too few natural buyers, and that makes for a more fragile market.

TrapDoor Turns Crypto’s Weakest Link Into the Developer Laptop

An attacker does not need your seed phrase if they can get the wrong package onto a programmer’s machine first. Socket says the TrapDoor campaign planted more than 34 malicious packages, plus hundreds of related versions and artifacts, across npm, PyPI, and Crates.io, with lures aimed at Solana, Sui, and Aptos workflows.

What makes this different from the usual wallet-drain story is where the attack starts and how far it can spread. The package install is only step one. The code then tries to pull wallet files, SSH keys, AWS credentials, GitHub tokens, browser data, and other local secrets off the machine. If an attacker gets SSH access or cloud keys, they may not just empty one wallet; they can move into repos, build systems, servers, and release pipelines. One poisoned dependency can become a path into multiple apps and users later.

The delivery methods were built around normal coding habits. On npm, the packages used post-install hooks. In Python, Socket said some packages ran remote JavaScript on import. In Rust, malicious build.rs scripts fired during compilation, which matters because that route specifically touched Sui and Move-oriented builders. Nothing here requires a protocol bug on Solana or Aptos itself. The attacker is borrowing trust from the software supply chain that teams already use every day.

The oddest piece is the AI persistence angle. Socket says the campaign also tampered with files like .cursorrules and CLAUDE.md, hiding instructions with zero-width Unicode characters so future AI coding sessions could be nudged into fake “security scans” that leak more secrets. That is a new kind of crypto risk: malware that tries to shape the next coding conversation, not just the current machine state.

The evidence so far does not show confirmed victims or stolen funds. But the security lesson is clear. In crypto, the next broad attack surface may be less about tricking end users into signing and more about quietly occupying the tools used to build what everyone else signs.

Kalshi Asks a Court to Stop Minnesota’s Prediction-Market Ban

On Aug. 1, Minnesota says operating, hosting, or promoting prediction markets could become a crime. Kalshi’s response was not another policy comment letter. It sued in federal court to stop the law before it takes effect.

That matters because the fight has moved past access friction and into a cleaner jurisdiction test. Last week the story was that prediction markets were getting pulled deeper into review and enforcement. Now a platform is asking a judge to decide whether a state can criminalize an activity that U.S. commodities law may already cover.

Kalshi’s argument is straightforward. The Commodity Exchange Act gives the CFTC exclusive jurisdiction over derivatives and swaps traded on federally regulated designated contract markets. If Kalshi is operating inside that lane, Minnesota cannot make the same activity a state crime. The state is not just adding disclosure rules or consumer warnings; it is trying to ban the business itself inside its borders.

The timing strengthens Kalshi’s case politically and institutionally, even if not yet legally. The CFTC had moved against the Minnesota law on similar constitutional grounds just after it was signed. That means Kalshi is not pleading for a carveout from an unfriendly supervisor. It is aligning itself with the regulator that claims the turf.

The advertising piece widens the stakes. Minnesota’s law reportedly reaches marketing and promotion too, and Kalshi says that violates the First Amendment. If that claim gains traction, states would have a harder time choking off these venues by targeting speech and distribution rather than the contracts themselves.

No court has settled this yet. But the immediate consequence is clear: prediction markets are becoming a test of national versus state power. If Kalshi keeps winning injunctions, the venue question will matter less than who gets to decide whether the market exists at all.

OKX Ventures and Korea Investment Buy Into Coinone

At a moment when broad crypto buyers are scarce, strategic money is still writing nine-figure checks for exchange equity. OKX Ventures and Korea Investment & Securities plan to invest a combined 160 billion won, about $106 million, into South Korea’s Coinone, with each taking 19.6% if regulators approve the deal.

That is a cleaner signal than another short token bounce because equity in an exchange is a bet on future flow, licensing, and customer capture, not just on coins rising next week. Korea Investment is a major local brokerage. OKX brings global crypto reach. Together they are paying for a regulated local venue in one of crypto’s most active retail markets, while leaving Coinone CEO Cha Myunghun in control with an expected 27.8% stake. This is outside capital joining the cap table, not staging a takeover.

The structure matters too. The deal mixes secondary share purchases with newly issued shares, so some money gives existing holders an exit while some goes into Coinone itself. That makes this both a liquidity event and a growth financing. Coinone’s stated push into stablecoins and tokenized securities helps explain why these buyers showed up: when end-demand is uncertain, institutions still prefer the licensed venue that can list, distribute, and eventually package the next wave of products.

Approval is still pending, so governance rights and final terms can change. But the direction is clear enough: even in a weaker tape, capital is still available for the gatekeepers investors think will matter when trust gets rebuilt one channel at a time.